EP2880587A2 - Procédés, systèmes et support lisible par ordinateur pour surveillance active, protection de mémoire et vérification d'intégrité de dispositifs cibles - Google Patents
Procédés, systèmes et support lisible par ordinateur pour surveillance active, protection de mémoire et vérification d'intégrité de dispositifs ciblesInfo
- Publication number
- EP2880587A2 EP2880587A2 EP13824785.3A EP13824785A EP2880587A2 EP 2880587 A2 EP2880587 A2 EP 2880587A2 EP 13824785 A EP13824785 A EP 13824785A EP 2880587 A2 EP2880587 A2 EP 2880587A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- virtual processor
- world virtual
- normal world
- normal
- integrity verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 59
- 238000012795 verification Methods 0.000 title claims abstract description 48
- 230000004224 protection Effects 0.000 title claims abstract description 32
- 238000012544 monitoring process Methods 0.000 title claims abstract description 26
- 230000000694 effects Effects 0.000 claims abstract description 11
- 239000003795 chemical substances by application Substances 0.000 claims description 36
- 239000013598 vector Substances 0.000 claims description 7
- 238000013519 translation Methods 0.000 claims description 5
- 230000003068 static effect Effects 0.000 claims description 4
- 230000000116 mitigating effect Effects 0.000 claims 6
- 230000004044 response Effects 0.000 claims 2
- 230000008569 process Effects 0.000 description 14
- 238000012986 modification Methods 0.000 description 7
- 230000004048 modification Effects 0.000 description 7
- 238000005259 measurement Methods 0.000 description 6
- 238000002955 isolation Methods 0.000 description 5
- 238000013507 mapping Methods 0.000 description 5
- 239000013256 coordination polymer Substances 0.000 description 4
- 238000013461 design Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000002093 peripheral effect Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 206010000210 abortion Diseases 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 239000002131 composite material Substances 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000009191 jumping Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 229920001690 polydopamine Polymers 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 210000003813 thumb Anatomy 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/3024—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a central processing unit [CPU]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3089—Monitoring arrangements determined by the means or processing involved in sensing the monitored data, e.g. interfaces, connectors, sensors, probes, agents
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/815—Virtual
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Definitions
- the subject matter described herein relates to computer system security. More particularly, the subject matter described herein relates to methods, systems, and computer readable medium for active monitoring, memory protection, and integrity verification of target devices.
- OS operating system
- critical programs like user processes or system management daemons, which run inside the target system.
- modifying the OS kernel could allow malicious attackers to have an unlimited access to the whole system.
- a normal world virtual processor and a secure world virtual processor are instantiated on a target device.
- a target operating system is executed on the normal world virtual processor.
- An integrity verification agent is executed on the secure world virtual processor.
- Predetermined operations attempted on the normal world virtual processor are trapped to the secure world virtual processor.
- the integrity verification agent is used to determine the effect of the execution of the trapped operations on the target device.
- the system includes a normal world virtual processor and a secure world virtual processor configured to execute on a target device.
- the system also includes an integrity verification agent configured to execute on the secure world virtual processor.
- the system further includes a target operating system that executes on the normal world virtual processor.
- the normal world virtual processor is configured to trap to the one or more predetermined operations attempted on the normal world virtual processor.
- the secure world virtual processor is configured to use the integrity verification agent to determine the effect of execution of the trapped operations on the target device.
- the subject matter described herein for active monitoring, memory protection and integrity verification of target devices may be implemented in hardware, software, firmware, or any combination thereof.
- the terms “function” or “module” as used herein refer to hardware, software, and/or firmware for implementing the feature being described.
- the subject matter described herein may be implemented using a computer readable medium having stored thereon computer executable instructions that when executed by the processor of a computer control the computer to perform steps.
- Exemplary computer readable media suitable for implementing the subject matter described herein include non-transitory computer-readable media, such as disk memory devices, chip memory devices, programmable logic devices, and application specific integrated circuits.
- a computer readable medium that implements the subject matter described herein may be located on a single device or computing platform or may be distributed across multiple devices or computing platforms.
- Figure 1 is a block diagram of sample encoding of an MCR instruction
- Figure 2 is a block diagram a system for active monitoring and memory processing of a target device according to an embodiment of the subject matter described herein.
- aspects of the subject matter described herein may provide a hardware-based isolation between a normal world virtual processor and a secure world normal processor.
- Certain processor architectures such as the ARM architecture provided by ARM Holdings pic, provide such isolation. In ARM, this feature is known as the ARM TrustZone technology.
- ARM'S TrustZone technology enables hardware-based isolation to separate the code execution on a single physical processor core into two worlds, "the secure world” and "the normal world” (or “the non-secure world”).
- the secure world is intended for security sensitive operations, while the normal world is intended for other operations.
- This arrangement may be implemented on a variety of architectures. Although some aspects of the subject matter described herein use the ARM TrustZone architecture, it will be understood that methods and techniques described herein can be implemented on other processor architectures, now known or later developed.
- the target operating system in principle can be any operating system, such as Android, embedded Linux, NetBSD, or any other OS now known or later developed.
- the target operating system may include a kernel that is responsible for managing the device resources.
- the code of the OS kernel may execute in a "privileged mode" and may be allowed to execute privileged instructions and security critical operations.
- the target device may have multiple user processes and/or daemons that execute in an unprivileged "user mode" and may not be allowed to execute privileged instructions and security critical operations.
- one or more predetermined operations such as security critical operations and privileged instructions, attempted on the normal world virtual processor are trapped to the secure world virtual processor.
- trapping a security critical operation or a privileged instruction may include switching the execution context from the normal world virtual processor to the secure world virtual processor.
- the security critical operation or privileged instruction may be executed by the integrity verification agent running in the secure world rather than the target operating system running in the normal world.
- an integrity verification agent may be used to determine the effect of the execution of the trapped operations on the target device.
- the target OS running on the normal world virtual processor may be modified so that it is not capable of executing predetermined security critical operations or privileged instructions without trapping the predetermined operations or instructions to the integrity verification agent running on the secure world virtual processor.
- the target operating system kernel may be modified so that all the privileged instructions are removed from its executable binary.
- security privileged instructions include, but are not limited to, instructions that control the Memory Management Unit (MMU) of the target device.
- MMU Memory Management Unit
- the modified executable binary may be marked as read-only to avoid potentially malicious modification, e.g., an unauthorized instruction to add privileged instructions back into the binary.
- a method in accordance with aspects of the subject matter described herein may include that the target operating system's unprivileged programs (e.g., user processes) are memory mapped as "privileged-execute never", so they are not allowed to execute privileged instructions even if they are maliciously modified.
- unprivileged programs e.g., user processes
- modifying the normal world OS may be done by using any of the known techniques of directly modifying its source code, modifying its executable binary, or using binary translation.
- a method in accordance with aspects of the subject matter described herein may further include using memory access protection to prevent the target operating system from gaining the required memory access to execute security critical operations.
- security critical operations may include, but are not limited to, modifying the page tables that define the memory mapping of the system or modifying the Direct Memory Access (DMA) controller.
- the DMA controller may determine which memory is accessible by peripheral devices. Attacks may try to exploit the DMA controller so as to use peripheral devices to modify the code or data of the normal world virtual processor.
- a method in accordance with aspects of the subject matter described herein may include detecting an integrity violation of the target device when the integrity verification agent detects an attempt to execute a privileged instruction or a security critical operation that violates a predetermined policy.
- the policy may include, but is not limited to, not allowing modifications to the executable binaries of the normal world OS, disabling the memory access protection of the normal world OS, or modifying a read-only critical data structures, of the normal world OS.
- Our main goal is to prevent security attacks that attempt to modify the target device, or portion therein, such as a normal world operating system.
- aspects of the subject matter described herein may comprise techniques and/or methods for detection of malicious attacks by generating an up-to-date report about the integrity status of the normal world operating systems.
- aspects of the subject matter described herein may comprise techniques and/or methods may comprise preventing instructions and/or operations that may result in compromising the integrity of the normal world operating system before they are executed.
- aspects of the subject matter described herein may comprise techniques and/or methods for detection or prevention of malicious attacks or a combination of both.
- aspects of the subject matter described herein may provide methods, modules, and/or devices that include one or more of the following capabilities:
- Integrity verification that may be based on a predetermined security policy.
- the input events used to verify if one or more security policies is violated or not can result from the (mentioned above) active monitoring and/or the memory protection.
- the integrity verification (measurement) agent may execute as a part of the secure world, while the target operating system runs or executes in the normal world.
- the secure world may do load-time verification of the normal world kernel through calculating the checksum of the loaded binary (this process is widely known as static measurement).
- the load-time verification may also extend to verify that the normal world kernel is properly modified for our intended protection by removing all privileged instructions from its binaries.
- the OS kernel is the only software executing privileged instructions on the normal world virtual processor. Furthermore, the kernel may not rely on mixed writable and executable pages. Through our experimental evaluation, we found that many of the recent versions of OS kernels (e.g., Android and Linux) follow this assumption by separating executable code from writable data.
- OS kernels e.g., Android and Linux
- a method in accordance with aspects of the subject matter described herein considers all attacks that aim to stealthily execute code inside the normal world operating system.
- stealthily means that the code would be executed without updating the integrity verification agent that runs in the secure world.
- Such attacks can be done either by loading new unverified code binaries or by modifying code binaries that were previously mapped and already exist in memory. We design our system to handle both cases.
- a method in accordance with aspects of the subject matter described herein may further consider all attacks that aim to modify security critical data inside the normal world operating system. In this context, the security-critical data should be predefined for the integrity verification agent to monitor its modification.
- Attackers can use any existing system vulnerability to hack into the normal world operating system, including kernel vulnerabilities that will allow them to control the normal world kernel. We guarantee that our system should detect and/or prevent any of these vulnerabilities, given that they involve loading new code or modifying existing code.
- one exemplary design of our system is based on ARM TrustZone. Despite the fact that this gives stronger hardware-based protection, it limits its capabilities of closely controlling the measurement target (the normal world operating system). In the following, we discuss the main challenges and limitations that face implementing an active monitoring and memory protection in embodiments that use ARM TrustZone-based integrity monitoring.
- TrustZone The main purpose of the TrustZone technology is to create a hardware isolated environment that prevents security critical assets (secure world memory and peripherals) from being accessed by the normal world. However, such isolation in principal gives either one of the two worlds full control over its own resources. Thus, the normal world kernel has full control of its assigned physical memory, which includes fully configuring the Memory Management Unit (MMU) and assigning access permissions (e.g., readonly, writable, executable) to its mapped memory pages. Intuitively, such architecture introduces challenges for secure world components to monitor and protect critical memory regions that belong to the normal world.
- MMU Memory Management Unit
- Interrupts and exception handling in TrustZone Although TrustZone allows the secure world to select a set of events that would be handled by the secure world. These events are limited to external interrupts (IRQs or FIQs) and certain type of exceptions (e.g., external data aborts). However, other types of exceptions and critical events (e.g., regular data abort exceptions, or the supervisor mode calls used for system calls) cannot be configured to trap to the secure world and are handled directly by the normal world. Intuitively, such events could have an impact on the integrity status of the normal world. If these events are not trapped by the secure world, such impact on integrity can go unnoticed by the integrity monitoring agent.
- IRQs or FIQs external interrupts
- exceptions and critical events e.g., regular data abort exceptions, or the supervisor mode calls used for system calls
- aspects of the subject matter described herein allow active monitoring of the normal world by trapping critical events into the secure world. Moreover, we use this active monitoring technique to possess control over the virtual memory mapping of the normal world so that it can provide full protection of the normal world memory using virtual memory access permission flags.
- ARM v7 architecture supports coprocessors, to extend the functionality of an ARM v7 processor.
- the coprocessor instructions provide access to sixteen coprocessors (0 to 15).
- Coprocessor 15 (CP15) provides system control registers that control most processor and memory system features (e.g., the MMU, interrupt vector handler, caching, performance models).
- Controlled access to the CP15 coprocessor Accessing ARM v7 CP15 for read and write can be done through special commands (e.g., MCR and LDC). This is restricted so that it only occurs from privileged software (i.e., kernel code). Moreover, ARM v7 virtual memory system architecture can specify that only a defined set of memory pages are allowed to execute in the privileged mode using the Privileged Non eXecute (PXN) access permission.
- PXN Privileged Non eXecute
- Aligned native code ARM instruction set (either thumb or arm) consists of native code that consists of a sequence of 32-bit or 16-bit aligned single binary instructions. Each binary instruction incorporates the opcode and the operands in one 32-bit or 16-bit binary word.
- the normal world is initialized so that it only allows certain memory ranges (defined by virtual memory access control) to execute privileged code.
- this may be done by loading a trusted preconfigured initial image of the normal world.
- these privileged memory pages are marked non- writable and are carefully inspected so that they do not contain any single instruction that does certain privileged operations (for example, instructions that modify critical registers in the CP15 of ARM v7 architecture), it will not be possible for the normal world to run these instructions. Consequently, the normal world kernel will not be able to modify the processor functionalities that are controlled by these instructions (for example, functionalities that are controlled by specific critical CP15 registers of the ARM v7 architecture).
- these critical instructions collectively may be the only method for controlling the virtual memory access control of the normal world virtual process.
- the virtual memory map of the normal world may be configured (either by the normal world or the secure world) so that privileged code pages, which include the interrupts and exceptions handling vectors, are marked non-writable.
- All other normal world mapped pages that either belongs to the kernel or user processes may be marked as PXN pages so that even if they are modified later, they are never allowed to execute privileged instructions (for example those that access specific security-critical registers of the ARM v7 CP15) that modify the status of the normal world.
- All page tables, which are used to define the normal world memory layout and access control, may be marked non-writable. Thus, any modifications to the page tables will cause a data abort exception. In some embodiments, these page tables may be pointed to by the ARM v7 CP15 Translation Table Base Registers (TTBRs), or any other register with similar functionality on other architectures. .
- TTBRs Translation Table Base Registers
- the non-writable kernel pages may be modified so that a call to the secure world virtual processor (for example a Secure Monitor Call (SMC) instruction) replaces security critical operations and privileged instructions (e.g., data abort exception handler, instruction abort handler, writes to page tables, and CP15 register writes).
- SMC Secure Monitor Call
- privileged instructions e.g., data abort exception handler, instruction abort handler, writes to page tables, and CP15 register writes.
- the secure world may inspect critical events and forward them to the integrity measurement agent to evaluate their impact on the integrity status of the system.
- the secure world will do the required page table modification on behalf of the normal world kernel after affirming that it does not violate the predetermined security policy or revert any of the operations defined by steps 1 -4 (In some embodiment, the predetermined security policy may include prohibiting giving write access to original kernel pages or any page tables. It may also prevent mappings of privileged executable pages).
- the integrity verification agent may use a computer readable medium (for instance volatile or non-volatile memory) to store information about the status of the normal world memory map and/or any required security police.
- a computer readable medium for instance volatile or non-volatile memory
- the integrity verification agent may store a bitmap that marks the status of every page of the normal world so that it can detect id writes to this page (or changing its memory mapping in the corresponding page table entries) would violate any security police or not.
- Steps 1 and 2 prevent any potentially malicious software running inside the normal world from executing privileged instruction either by mapping the instructions in the memory or by modifying any of the privileged already- mapped instructions.
- ARM native code only consists of 32-bit or 16-bit instructions makes it feasible to scan the executable privileged pages word by word and affirm that none of the instructions would access a critical register.
- Figure 1 shows a sample encoding of the MCR instructions that is used to write to a CP register.
- the CP registers are defined by the CP number and four other parameters: CRn, CRm, opd , and opc2. If all 32-bit (aligned) values of the privileged executable pages are inspected so that no instruction would match an MCR to this specific register, we can guarantee that this register will never be modified by the normal world.
- the critical registers that we target are particularly those that disable the MMU, relocate the interrupt vector handler, or relocate the base address of the virtual addressing translation tables.
- Step 3 guarantees memory protections.
- the TTBRs which point to the base of page tables, are part of CP15. TTBRs will be marked among those registers that are prohibited to be modified by the normal world kernel (as mentioned in step 2). Thus, the normal world will be restricted to use a specific physical memory as the page tables. The initialization code will map this physical memory (the page tables) non-writable. Hence any page table updates will cause a data abort. Since all data abort exceptions will be trapped to the secure world (as discussed in step 4), all page table modifications will be inspected by the secure world before actually taking effect in the normal world.
- Step 4 guarantees the required active monitoring.
- critical events such as modifying a TTBR value to context switch between user processes, are going to be impossible to execute in the normal world.
- the normal world kernel to call the "SMC" instruction and let the critical operation be handled by the secure world.
- the security of this operation is supported by the fact that both CP register writes and "SMC" calls are atomic operations that consist of a single instruction.
- all integrity checks e.g., verifying that the new page tables does not have writable privileged pages
- Even a kernel subverted by a return-oriented attack will not be able to modify critical status by jumping through the middle of composite code and skip potential normal world integrity verification.
- step 5 means that the secure world will be the single point of integrity verification that guarantees that the active monitoring capabilities will remain in effect for the lifetime of the system.
- proper integrity checks on privileged operations such as verifying page tables of newly mapped processors and verifying that the MMU or virtual page access control protections are not disabled, the secure world will guarantee that both memory protection and active monitoring are in place for the normal world.
- FIG. 2 is a block diagram illustrating a system for active monitoring and memory protection of a target device according to an embodiment of the subject matter described herein.
- the system includes a normal world virtual processor 100 and a secure world virtual processor 102 on a target device 104.
- Normal world virtual processor 102 and secure world virtual processors may each be ARM TrustZone virtual processors, as described in ARM Security Technology, Building a Secure System using TrustZone Technology, ARM Whitepaper, ARM Limited (2009); the disclosure of which is incorporated herein by reference in its entirety.
- Target device 104 may be any computing platform on which isolation can be achieved using normal and secure world virtual processors. Examples of such computing platforms include servers, desktop computers, mobile devices, such as smart phones, PDAs, or tablet computers or embedded systems, which may include a processor and associated memory embedded in an appliance or industrial device, such as a power or water meter.
- a target operating system 106 is executed on normal world virtual processor 100 and an integrity verification agent 108 is executed on secure world virtual processor 102.
- the execution of certain critical operations is trapped to secure world virtual processor 102. Examples of trapped operations include regular data abort exceptions or supervisory mode calls used for system calls.
- the trapped operations are executed on secure world virtual processor 102.
- Integrity verification agent 108 monitors execution of the trapped operations on secure world virtual processor 102 to evaluate effects of the execution of the trapped operations on integrity of target device 104.
- target device 104 may be a smart phone and the user may switch between a voice call and an email application.
- target OS 106 may write a new value to the processor control register, CP15, to switch between processes.
- CP15 processor control register
- Integrity verification agent 108 may examine the value being written to CP15. In this instance, the value may be the process ID or memory location for the email application. To validate the process ID, integrity verification agent 108 may search a list of allowed processes to see whether the email application is permitted to execute. In this instance, it is assumed that the email application is permitted to execute and secure world virtual processor 102 may allow the email application to execute.
- the memory location or process ID attempted to be written to CP15 may corresponding to malware, which would not be in the list of permitted applications. In such a situation, secure world virtual processor 102 may prevent the malware from executing. It should also be noted that integrity verification agent 108 may consult with an external system to verify an application or process, for example, using a cryptographic signature of the application.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
- Hardware Redundancy (AREA)
Abstract
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201261679305P | 2012-08-03 | 2012-08-03 | |
PCT/US2013/000074 WO2014021919A2 (fr) | 2012-08-03 | 2013-03-15 | Procédés, systèmes et support lisible par ordinateur pour surveillance active, protection de mémoire et vérification d'intégrité de dispositifs cibles |
Publications (3)
Publication Number | Publication Date |
---|---|
EP2880587A2 true EP2880587A2 (fr) | 2015-06-10 |
EP2880587A4 EP2880587A4 (fr) | 2016-04-27 |
EP2880587B1 EP2880587B1 (fr) | 2017-05-10 |
Family
ID=50028637
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP13824785.3A Not-in-force EP2880587B1 (fr) | 2012-08-03 | 2013-03-15 | Procédés, systèmes et support lisible par ordinateur pour surveillance active, protection de mémoire et vérification d'intégrité de dispositifs cibles |
Country Status (8)
Country | Link |
---|---|
US (1) | US9483635B2 (fr) |
EP (1) | EP2880587B1 (fr) |
KR (1) | KR20150038574A (fr) |
CN (1) | CN104520867B (fr) |
AU (1) | AU2013297064B2 (fr) |
BR (1) | BR112015002316A2 (fr) |
RU (1) | RU2615664C2 (fr) |
WO (1) | WO2014021919A2 (fr) |
Families Citing this family (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102183852B1 (ko) * | 2013-11-22 | 2020-11-30 | 삼성전자주식회사 | 전자 장치의 무결성 검증을 위한 방법, 저장 매체 및 전자 장치 |
US9672354B2 (en) | 2014-08-18 | 2017-06-06 | Bitdefender IPR Management Ltd. | Systems and methods for exposing a result of a current processor instruction upon exiting a virtual machine |
US9832207B2 (en) | 2014-12-23 | 2017-11-28 | Mcafee, Inc. | Input verification |
US9996690B2 (en) | 2014-12-27 | 2018-06-12 | Mcafee, Llc | Binary translation of a trusted binary with input tagging |
US9798559B2 (en) | 2014-12-27 | 2017-10-24 | Mcafee, Inc. | Trusted binary translation |
US10019576B1 (en) | 2015-04-06 | 2018-07-10 | Intelligent Automation, Inc. | Security control system for protection of multi-core processors |
US10025925B2 (en) * | 2015-06-23 | 2018-07-17 | Adventium Enterprises, Llc | Dynamically measuring the integrity of a computing apparatus |
WO2017019061A1 (fr) * | 2015-07-29 | 2017-02-02 | Hewlett Packard Enterprise Development Lp | Pare-feu pour déterminer un accès à une partie d'une mémoire |
US10282224B2 (en) | 2015-09-22 | 2019-05-07 | Qualcomm Incorporated | Dynamic register virtualization |
US10055577B2 (en) * | 2016-03-29 | 2018-08-21 | Intel Corporation | Technologies for mutual application isolation with processor-enforced secure enclaves |
US10019583B2 (en) | 2016-04-01 | 2018-07-10 | Samsung Electronics Co., Ltd. | Method and apparatus for performing protected walk-based shadow paging using multiple stages of page tables |
US10282190B2 (en) * | 2016-12-01 | 2019-05-07 | Dell Products, L.P. | System and method for updating a UEFI image in an information handling system |
KR102021008B1 (ko) | 2017-08-23 | 2019-09-11 | 서울대학교산학협력단 | Arm 시스템 소프트웨어 대한 인트라 레벨 권한 분리 시스템 및 방법 |
KR102416501B1 (ko) * | 2017-09-20 | 2022-07-05 | 삼성전자주식회사 | 전자 장치 및 그의 제어 방법 |
KR102514062B1 (ko) | 2018-02-27 | 2023-03-24 | 삼성전자주식회사 | 트러스트존 그래픽 렌더링 방법 및 그에 따른 디스플레이 장치 |
CN109684126B (zh) * | 2018-12-25 | 2022-05-03 | 贵州华芯通半导体技术有限公司 | 用于arm设备的内存校验方法和执行内存校验的arm设备 |
US11640361B2 (en) | 2019-03-08 | 2023-05-02 | International Business Machines Corporation | Sharing secure memory across multiple security domains |
US11531627B2 (en) | 2019-03-08 | 2022-12-20 | International Business Machines Corporation | Secure storage isolation |
US11487906B2 (en) * | 2019-03-08 | 2022-11-01 | International Business Machines Corporation | Storage sharing between a secure domain and a non-secure entity |
CN111382445B (zh) * | 2020-03-03 | 2023-04-07 | 首都师范大学 | 利用可信执行环境系统提供可信服务的方法 |
US11455395B2 (en) | 2020-06-17 | 2022-09-27 | Hewlett Packard Enterprise Development Lp | Perform verification check in response to change in page table base register |
CN112256396B (zh) * | 2020-10-23 | 2022-10-21 | 海光信息技术股份有限公司 | 内存管理方法、系统及安全处理装置、数据处理装置 |
CN113239329B (zh) * | 2021-04-19 | 2024-03-19 | 南京大学 | 一种用于移动端应用程序的可信执行环境的实现系统 |
Family Cites Families (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1303097A3 (fr) * | 2001-10-16 | 2005-11-30 | Microsoft Corporation | Systeme virtuel réparti de sécurité |
US7149862B2 (en) | 2002-11-18 | 2006-12-12 | Arm Limited | Access control in a data processing apparatus |
WO2004046925A1 (fr) | 2002-11-18 | 2004-06-03 | Arm Limited | Commutation de mode de securite via un vecteur d'exception |
AU2003302996A1 (en) | 2002-12-12 | 2004-07-09 | Finite State Machine Labs, Inc. | Systems and methods for detecting a security breach in a computer system |
US20050107163A1 (en) * | 2003-11-13 | 2005-05-19 | Nguyen Binh T. | Methods and apparatus for providing an electronic operational event trail for a gaming apparatus |
EP1870814B1 (fr) * | 2006-06-19 | 2014-08-13 | Texas Instruments France | Procédé et dispositif pour pagination sécurisée pour dispositifs de microprocesseurs |
US7908653B2 (en) * | 2004-06-29 | 2011-03-15 | Intel Corporation | Method of improving computer security through sandboxing |
US8955104B2 (en) * | 2004-07-07 | 2015-02-10 | University Of Maryland College Park | Method and system for monitoring system memory integrity |
WO2007050797A2 (fr) * | 2005-10-25 | 2007-05-03 | Secure64 Software Corporation | Moniteur de machine virtuelle securise |
US8732824B2 (en) * | 2006-01-23 | 2014-05-20 | Microsoft Corporation | Method and system for monitoring integrity of running computer system |
US20070226795A1 (en) * | 2006-02-09 | 2007-09-27 | Texas Instruments Incorporated | Virtual cores and hardware-supported hypervisor integrated circuits, systems, methods and processes of manufacture |
US7950020B2 (en) * | 2006-03-16 | 2011-05-24 | Ntt Docomo, Inc. | Secure operating system switching |
RU2321055C2 (ru) * | 2006-05-12 | 2008-03-27 | Общество с ограниченной ответственностью Фирма "Анкад" | Устройство защиты информации от несанкционированного доступа для компьютеров информационно-вычислительных систем |
US8099574B2 (en) * | 2006-12-27 | 2012-01-17 | Intel Corporation | Providing protected access to critical memory regions |
EP2075696A3 (fr) * | 2007-05-10 | 2010-01-27 | Texas Instruments Incorporated | Circuits associés à l'interruption, systèmes et procédés associés |
US8250641B2 (en) * | 2007-09-17 | 2012-08-21 | Intel Corporation | Method and apparatus for dynamic switching and real time security control on virtualized systems |
US8578483B2 (en) | 2008-07-31 | 2013-11-05 | Carnegie Mellon University | Systems and methods for preventing unauthorized modification of an operating system |
US8819225B2 (en) * | 2010-11-15 | 2014-08-26 | George Mason Research Foundation, Inc. | Hardware-assisted integrity monitor |
US20120216281A1 (en) | 2011-02-22 | 2012-08-23 | PCTEL Secure LLC | Systems and Methods for Providing a Computing Device Having a Secure Operating System Kernel |
US8712407B1 (en) * | 2012-04-05 | 2014-04-29 | Sprint Communications Company L.P. | Multiple secure elements in mobile electronic device with near field communication capability |
-
2013
- 2013-03-15 AU AU2013297064A patent/AU2013297064B2/en not_active Ceased
- 2013-03-15 US US14/419,222 patent/US9483635B2/en not_active Expired - Fee Related
- 2013-03-15 EP EP13824785.3A patent/EP2880587B1/fr not_active Not-in-force
- 2013-03-15 WO PCT/US2013/000074 patent/WO2014021919A2/fr active Application Filing
- 2013-03-15 KR KR20157005560A patent/KR20150038574A/ko not_active Application Discontinuation
- 2013-03-15 CN CN201380041361.4A patent/CN104520867B/zh not_active Expired - Fee Related
- 2013-03-15 RU RU2015107219A patent/RU2615664C2/ru not_active IP Right Cessation
- 2013-03-15 BR BR112015002316A patent/BR112015002316A2/pt not_active Application Discontinuation
Also Published As
Publication number | Publication date |
---|---|
BR112015002316A2 (pt) | 2017-07-04 |
CN104520867A (zh) | 2015-04-15 |
WO2014021919A2 (fr) | 2014-02-06 |
RU2015107219A (ru) | 2016-09-27 |
RU2615664C2 (ru) | 2017-04-06 |
AU2013297064A1 (en) | 2015-03-05 |
CN104520867B (zh) | 2017-10-31 |
KR20150038574A (ko) | 2015-04-08 |
WO2014021919A3 (fr) | 2014-03-27 |
US9483635B2 (en) | 2016-11-01 |
EP2880587A4 (fr) | 2016-04-27 |
EP2880587B1 (fr) | 2017-05-10 |
AU2013297064B2 (en) | 2016-06-16 |
US20150199507A1 (en) | 2015-07-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9483635B2 (en) | Methods, systems, and computer readable medium for active monitoring, memory protection and integrity verification of target devices | |
Ge et al. | Sprobes: Enforcing kernel code integrity on the trustzone architecture | |
Azab et al. | Hypervision across worlds: Real-time kernel protection from the arm trustzone secure world | |
Azab et al. | SKEE: A lightweight Secure Kernel-level Execution Environment for ARM. | |
Shi et al. | Deconstructing Xen. | |
KR102189296B1 (ko) | 가상 머신 보안 어플리케이션을 위한 이벤트 필터링 | |
US20120216281A1 (en) | Systems and Methods for Providing a Computing Device Having a Secure Operating System Kernel | |
KR102183852B1 (ko) | 전자 장치의 무결성 검증을 위한 방법, 저장 매체 및 전자 장치 | |
US20160210069A1 (en) | Systems and Methods For Overriding Memory Access Permissions In A Virtual Machine | |
WO2016105562A1 (fr) | Protection d'une mémoire à l'aide de pages non lisibles | |
JP7432586B2 (ja) | スタック・ポインタを検証すること | |
Ding et al. | HyperVerify: A VM-assisted architecture for monitoring hypervisor non-control data | |
Lee et al. | SofTEE: Software-based trusted execution environment for user applications | |
Lacombe et al. | Enforcing kernel constraints by hardware-assisted virtualization | |
Jang et al. | SelMon: reinforcing mobile device security with self-protected trust anchor | |
Korkin | Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces | |
Suzaki et al. | Kernel memory protection by an insertable hypervisor which has VM introspection and stealth breakpoints | |
Ha et al. | Protecting Kernel Code Integrity with PMP on RISC-V | |
Chen et al. | DScope: To Reliably and Securely Acquire Live Data from Kernel-Compromised ARM Devices | |
KR20220103253A (ko) | 모바일 신뢰 실행 환경의 보안성 강화를 위한 장치 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20150302 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAX | Request for extension of the european patent (deleted) | ||
A4 | Supplementary search report drawn up and despatched |
Effective date: 20160329 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: G06F 11/30 20060101ALI20160321BHEP Ipc: G06F 21/53 20130101ALI20160321BHEP Ipc: G06F 21/50 20130101AFI20160321BHEP |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
INTG | Intention to grant announced |
Effective date: 20161012 |
|
GRAJ | Information related to disapproval of communication of intention to grant by the applicant or resumption of examination proceedings by the epo deleted |
Free format text: ORIGINAL CODE: EPIDOSDIGR1 |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
INTG | Intention to grant announced |
Effective date: 20161121 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 893036 Country of ref document: AT Kind code of ref document: T Effective date: 20170515 Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602013021070 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: FP |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG4D |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 893036 Country of ref document: AT Kind code of ref document: T Effective date: 20170510 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170810 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170811 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170810 Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170910 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602013021070 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: NL Payment date: 20180221 Year of fee payment: 6 |
|
26N | No opposition filed |
Effective date: 20180213 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20180222 Year of fee payment: 6 Ref country code: DE Payment date: 20180220 Year of fee payment: 6 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20180331 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180315 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180315 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180331 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180331 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180331 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180331 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R119 Ref document number: 602013021070 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MM Effective date: 20190401 |
|
GBPC | Gb: european patent ceased through non-payment of renewal fee |
Effective date: 20190315 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180315 Ref country code: NL Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190401 Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20191001 Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190315 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MK Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20170510 Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20130315 Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20170510 |